package org.phenotips.data.rest.internal;

import com.xpn.xwiki.XWiki;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import net.sf.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.apache.maven.doxia.sink.SinkEventAttributes;
import org.apache.xpath.compiler.Keywords;
import org.phenotips.data.Patient;
import org.phenotips.data.PatientRepository;
import org.phenotips.data.rest.DomainObjectFactory;
import org.phenotips.data.rest.PatientByExternalIdResource;
import org.phenotips.data.rest.PatientResource;
import org.slf4j.Logger;
import org.xwiki.component.annotation.Component;
import org.xwiki.model.reference.EntityReference;
import org.xwiki.model.reference.EntityReferenceResolver;
import org.xwiki.query.Query;
import org.xwiki.query.QueryException;
import org.xwiki.query.QueryManager;
import org.xwiki.rest.XWikiResource;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.security.authorization.Right;
import org.xwiki.users.User;
import org.xwiki.users.UserManager;

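/**
 * REST resource that reads, updates and deletes a patient record addressed by its external identifier.
 *
 * <p>Every operation first resolves the record through {@link PatientRepository#getPatientByExternalId}, then asks
 * the {@link AuthorizationManager} whether the current user holds the matching right ({@code VIEW}, {@code EDIT} or
 * {@code DELETE}) on the patient document, and only then acts on the record.</p>
 *
 * <p>NOTE(review): the lookup runs before the access check, so an unknown external ID is answered with 404 while a
 * known but inaccessible one is answered with 403. Callers without access can therefore tell whether an external ID
 * is in use; confirm that this is acceptable for the deployment.</p>
 */
@Singleton
@Component
@Named("org.phenotips.data.rest.internal.DefaultPatientByExternalIdResourceImpl")
/* loaded from: input_file:WEB-INF/lib/patient-data-rest-1.2-rc-1.jar:org/phenotips/data/rest/internal/DefaultPatientByExternalIdResourceImpl.class */
public class DefaultPatientByExternalIdResourceImpl extends XWikiResource implements PatientByExternalIdResource {

    /** Logging helper. */
    @Inject
    private Logger logger;

    /** Looks patient records up by external identifier. */
    @Inject
    private PatientRepository repository;

    /** Builds the "alternatives" entity returned when several records share one external identifier. */
    @Inject
    private DomainObjectFactory factory;

    /** Used to search for all records carrying a given external identifier. */
    @Inject
    private QueryManager qm;

    /** Decides whether the current user may view, edit or delete a patient document. */
    @Inject
    private AuthorizationManager access;

    /** Provides the user on whose behalf the request runs. */
    @Inject
    private UserManager users;

    // NOTE(review): the constants Keywords.FUNC_CURRENT_STRING (here) and SinkEventAttributes.REL (in getPatient)
    // look like decompiler substitutions for plain string literals; confirm against the original source.
    // This resolver is not referenced by any method of this class.
    @Inject
    @Named(Keywords.FUNC_CURRENT_STRING)
    private EntityReferenceResolver<EntityReference> currentResolver;

    /**
     * Returns the JSON representation of the patient with the given external identifier, with a "self" link added.
     *
     * @param str the external identifier of the requested patient record
     * @return 200 with the patient JSON; 403 when the current user lacks {@code VIEW} on the record; otherwise the
     *         response built by {@link #checkForMultipleRecords} (300 or 404)
     */
    @Override // org.phenotips.data.rest.PatientByExternalIdResource
    public Response getPatient(String str) {
        this.logger.debug("Retrieving patient record with external ID [{}] via REST", str);
        Patient patient = this.repository.getPatientByExternalId(str);
        if (patient == null) {
            return checkForMultipleRecords(patient, str);
        }
        User currentUser = this.users.getCurrentUser();
        // With no current user the check runs against a null user reference.
        if (!this.access.hasAccess(Right.VIEW, currentUser == null ? null : currentUser.getProfileDocument(),
            patient.getDocument())) {
            this.logger.debug("View access denied to user [{}] on patient record [{}]", currentUser, patient.getId());
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        JSONObject json = patient.toJSON();
        String selfHref =
            this.uriInfo.getBaseUriBuilder().path(PatientResource.class).build(patient.getId()).toString();
        json.accumulate("links",
            new JSONObject().accumulate(SinkEventAttributes.REL, "self").accumulate("href", selfHref));
        return Response.ok(json, MediaType.APPLICATION_JSON_TYPE).build();
    }

    /**
     * Updates the patient with the given external identifier from a JSON document.
     *
     * <p>The request body is patient data, so it is never written to the logs; only its length is recorded.</p>
     *
     * @param str the JSON document describing the new state of the record
     * @param str2 the external identifier of the patient record to update
     * @return 204 when the update succeeded; otherwise the response built by {@link #checkForMultipleRecords}
     *         (300 or 404) when no single record matches
     * @throws WebApplicationException 403 when the current user lacks {@code EDIT} on the record, 400 when the body
     *         cannot be parsed as a JSON object, 409 when the body carries an {@code id} different from the record's
     *         own, 500 when applying the update fails
     */
    @Override // org.phenotips.data.rest.PatientByExternalIdResource
    public Response updatePatient(String str, String str2) {
        this.logger.debug("Updating patient record with external ID [{}] via REST with a JSON payload of {} characters",
            str2, StringUtils.length(str));
        Patient patient = this.repository.getPatientByExternalId(str2);
        if (patient == null) {
            return checkForMultipleRecords(patient, str2);
        }
        User currentUser = this.users.getCurrentUser();
        if (!this.access.hasAccess(Right.EDIT, currentUser == null ? null : currentUser.getProfileDocument(),
            patient.getDocument())) {
            this.logger.debug("Edit access denied to user [{}] on patient record [{}]", currentUser, patient.getId());
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        JSONObject update;
        String declaredId;
        try {
            update = JSONObject.fromObject(str);
            declaredId = update.optString("id");
        } catch (RuntimeException e) {
            // The JSON library reports unparsable input with unchecked exceptions; answer with a client error
            // instead of letting them escape. Only the exception type is logged, because parser messages may
            // echo parts of the request body.
            this.logger.debug("Rejected unparsable JSON for patient [{}]: {}", patient.getId(),
                e.getClass().getName());
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        // A body that names a different record than the one addressed by the URL is refused.
        if (StringUtils.isNotBlank(declaredId) && !patient.getId().equals(declaredId)) {
            throw new WebApplicationException(Response.Status.CONFLICT);
        }
        try {
            patient.updateFromJSON(update);
            return Response.noContent().build();
        } catch (Exception e) {
            this.logger.warn("Failed to update patient [{}] from JSON: {}", patient.getId(), e.getMessage());
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Deletes the patient record with the given external identifier.
     *
     * @param str the external identifier of the patient record to delete
     * @return 204 when the record was deleted; 403 when the current user lacks {@code DELETE} on the record;
     *         otherwise the response built by {@link #checkForMultipleRecords} (300 or 404)
     * @throws WebApplicationException 500 when the wiki fails to delete the document
     */
    @Override // org.phenotips.data.rest.PatientByExternalIdResource
    public Response deletePatient(String str) {
        this.logger.debug("Deleting patient record with external ID [{}] via REST", str);
        Patient patient = this.repository.getPatientByExternalId(str);
        if (patient == null) {
            return checkForMultipleRecords(patient, str);
        }
        User currentUser = this.users.getCurrentUser();
        if (!this.access.hasAccess(Right.DELETE, currentUser == null ? null : currentUser.getProfileDocument(),
            patient.getDocument())) {
            this.logger.debug("Delete access denied to user [{}] on patient record [{}]", currentUser,
                patient.getId());
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        XWikiContext context = getXWikiContext();
        XWiki wiki = context.getWiki();
        try {
            wiki.deleteDocument(wiki.getDocument(patient.getDocument(), context), context);
            this.logger.debug("Deleted patient record with external id [{}]", str);
            return Response.noContent().build();
        } catch (XWikiException e) {
            this.logger.warn("Failed to delete patient record with external id [{}]: {}", str, e.getMessage());
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Builds the response for a lookup that did not yield a single patient.
     *
     * <p>Queries for all documents whose patient object carries the external identifier. The identifier is bound as
     * a query parameter, never concatenated into the statement.</p>
     *
     * @param patient the patient found by the repository; every caller in this class passes {@code null}
     * @param str the external identifier that was looked up
     * @return 300 with the list of alternatives when more than one record matches; {@code null} when
     *         {@code patient} is not {@code null}; 404 otherwise, including when the query itself fails
     */
    private Response checkForMultipleRecords(Patient patient, String str) {
        try {
            Query query = this.qm.createQuery("where doc.object(PhenoTips.PatientClass).external_id = :eid",
                Query.XWQL);
            query.bindValue("eid", str);
            List<String> matches = query.execute();
            if (matches.size() > 1) {
                this.logger.debug("Multiple patient records ({}) with external ID [{}]: {}",
                    Integer.valueOf(matches.size()), str, matches);
                // NOTE(review): the alternatives are returned without any per-record access check in this class.
                // Whether createAlternatives filters the list by the caller's rights is not visible here; confirm,
                // since otherwise record references reach callers who may not view those records.
                // 300 = Multiple Choices.
                return Response.status(300).entity(this.factory.createAlternatives(matches, this.uriInfo)).build();
            }
        } catch (QueryException e) {
            // A failed query is logged and then treated like "no duplicates found".
            this.logger.warn("Failed to retrieve patient with external id [{}]: {}", str, e.getMessage());
        }
        if (patient != null) {
            return null;
        }
        this.logger.debug("No patient record with external ID [{}] exists yet", str);
        return Response.status(Response.Status.NOT_FOUND).build();
    }
}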
